CHANGES.md
Linkerd 1.7.5 is a maintenance release which adds an option to build the Linkerd and Namerd executable jar files without including the Zookeeper libraries which depend on an old version of log4j
Linkerd 1.7.5-rc1 is a release candidate for Linkerd 1.7.5
This is a release candidate that updates the following dependencies:
lodash: 4.17.15 -> 4.17.21 Finagle: 20.4.1 -> 21.4.0 handlebars: 4.7.6 -> 4.7.7 y18n: 4.0.0 -> 4.0.1 http-proxy: 1.18.0 -> 1.18.1
Linkerd 1.7.4 includes two fixes contributed by the open source community,
which is so greatly appreciated. The first fix enables Linkerd to properly
use dtab paths which include # symbols used by ZooKeeper serverset shard
syntax.
The second fix sets MaxInitialLineSize value for the HttpConfig from
maxInitialSizeKB parameter in the router configuration for Linkerd.
Among other things, this ensures that Linkerd can properly handle URLs that
are very long.
Linkerd 1.7.3 is a maintenance release that upgrades finagle to 20.4.1 and netty to 4.1.47-Final. The node and eslint dependencies required by the Admin UI are also upgraded to 14.2.0 and 6.8.0, respectively.
Linkerd 1.7.2 is a point release which addresses gRPC responses which have no bodies, but do have trailers. With this change in place, Linkerd will return a failed Future containing a Non-Ok GrpcStatus instance when handling empty gRPC responses with EOS trailers.
Our gratitude goes out to jlawrienyt for finding and fixing this issue.
Linkerd 1.7.1 adds a parameter named initialStreamWindowSizeKB to
MeshInterpreterInitializer.scala. This parameter is used to configure the
initial flow-control window size
that the H2 client in the io.l5d.mesh interpreter sends to the H2 server.
| Parameter Name | Default Value | Description |
|---|---|---|
initialStreamWindowSizeKB | 1024 (1 MB) | Sets the initial flow-control window size for the H2 client used by the intepreter |
This release is brought to you with fixes from these contributors. Thank you all SO much for being a part of the community! Robert Panzer Robert Macaulay
Full release notes:
maxConcurrentStreams for server dispatchers #2327initialStreamWindowSizeKB parameter to the io.l5d.mesh interpreter. #2364Linkerd 1.7.0 includes a number of memory leak fixes for Linkerd and its
underlying grpc-runtime module. This release includes improvements for
SNI-enabled TLS communication, support for streaming arbitrarily large HTTP
requests and responses in HTTP/1 and HTTP/2 as well an upgraded JDK for
improved Docker container support.
A special thank you to Fantayeneh for their awesome work on #2315
Full release notes:
Breaking Change
maxRequestKB and maxResponseKB from Linkerd's configuration
options in favor of streamAfterContentLengthKB. These parameters were
primarily intended to limit the amount of memory Linkerd used when buffering
requests. The streamAfterContentLengthKB parameter achieves this more
efficiently by streaming large messages instead of buffering them.Consul
io.l5d.consul namer
to allow for arbitrarily large responses from ConsulLinkerd Configuration
maxCallDepth that prevents unbounded
cyclic proxy request routingl5d-err header values by
using maxErrResponseKB in an HTTP routersocketOptions were being ignored when partially
configuredTLS
HTTP/2
grpc-runtime module to experience direct
memory leaksUpdates Linkerd's JDK version for improved container support
Linkerd 1.6.4 updates the finagle version to 19.5.1 and adds support for configuring message response sizes from when using consul.
ConsulInitializer.scala now includes the parameters below which are used
to configure the Http.client object that is instantiated in the newNamer
method.
| Parameter Name | Default Value | Description |
|---|---|---|
maxHeadersKB | 8 | The maximum size of all headers in an HTTP message created by the Consul client |
maxInitialLineKB | 4 | The maximum size of an initial HTTP message line created by the Consul client |
maxRequestKB | 5120 | The maximum size of a non-chunked HTTP request payload sent by the Consul client |
maxResponseKB | 5120 | The maximum size of a non-chunked HTTP response payload received by the Consul client |
Full release notes:
Linkerd 1.6.3 includes a bug fix for Namerd's io.l5d.k8s dtab storage module. This fix exposes
HTTP request and response metrics for the Kubernetes API client used to store dtabs. Namerd also
includes a new logging dashboard page that allows you to change Namerd's logging verbosity at
runtime. In addition, this release improves Linkerd's HTTP/2 implementation to better manage direct
memory and includes a fix for Linkerd's interpreter_state watch state endpoint.
A special thank you to the following contributors for their awesome doc update contributions:
Full release notes:
io.l5d.k8s dtab storage module. This change now
instruments the HTTP client that interacts with the Kubernetes API used for storing dtabs.RST_STREAM frame.BufferUnderflowException that could be triggered when viewing Linkerd's
interpreter watch state endpoint. This issue occurs when using Linkerd's io.l5d.namerd thrift
interpreter.GC_LOG
start-up flag is not set on JVMs using Java 1.8 or earlier.This Linkerd release includes bug fixes for Namerd's k8s watch API as well as memory management
improvements in the io.l5d.zk storage plugin. This release features a new failure detector
module in the io.l5d.mesh interpreter that sends "heartbeat" pings on all HTTP/2 connections to
Namerd. This is intended to monitor the health of connections between Linkerd and Namerd so that
connections are torn down and re-established if a ping message is not received within a configured
amount of time.
This release also includes doc updates from the following contributors:
A big shoutout to all contributors listed above for their great work!
Full release notes:
OutOfMemoryErrorException caused by OpenJ9's JDK base imageio.l5d.zk dtab storage moduleio.l5d.mesh interpreter to help monitor the health of
connections to Namerd. The failure detector can be configured by providing a minPeriodMs
which sets the duration between each successive ping and a closeTimeoutMs parameter that
sets a duration that must elapse before a connection is marked as "unhealthy"socketOptions in the client section of a Linkerd configThe first 1.x release of the year brings minor bug fixes to Namerd, the io.l5d.consul and
io.l5d.curator namers. This release features contributions from NCBI
and ThreeComma. A big thank you to edio and
Chris Goffinet for their contributions in this release.
Full release notes:
io.l5d.consul namer's error handling in cases were it receives intermittent 5xx
HTTP errors from Consuljava.lang.NoSuchMethodError that would sometimes occur when using the io.l5d.curator
namerNullPointerException that would occur when using the io.l5d.mesh interface in Namerdbacklog to socketOptions that allows you to set up a
backlog queue size for TCP connectionsinterpreter_state watch endpoint would sometimes display incorrect
IP addressesLinkerd 1.6.0 includes a Finagle upgrade that reduces direct memory allocation and adds support for more efficient HTTP/1.1 streaming for large HTTP requests. This release also improves Linkerd's execution script to run with Java 9 and higher. Finally, this release adds a new gRPC response-classifier that may be configured with user defined gRPC status codes.
Full release notes:
requestAuthorizers are now configured in the client section of a router configuration.maxChunkKB has been removed and is no longer configurable for HTTP/1.1 routers. Rather than
enforcing a hard size limit, Linkerd now streams HTTP/1.1 chunked messages that exceed
streamAfterContentLengthKBHTTP/1.1
streamAfterContentLengthKB that sets a threshold at which HTTP
messages will be streamed instead of being fully buffered in memory, even when chunked-encoding is
not used.io.l5d.consul namer would be cleared if
a 5xx API response was received from Consul.io.l5d.h2.grpc.* response classifiers to classify gRPC status codes as
Success based off of a user defined list within the response classification section of a config.readTimeoutMs and writeTimeoutMsvalues
from socket option configs.Linkerd 1.5.2 adds performance improvements to HTTP/2, dramatically improving throughput when sending many small frames as is common when using unary gRPC methods. It also fixes a long standing race condition where Linkerd could get stuck using out of date endpoint data from the Kubernetes API.
Full release notes:
exception label.keepAlive property in the server socket options config. This allows you to enable the SO_KEEPALIVE socket option which removes dead connections that did not close properly and can therefore help prevent connection leaks. Big thanks to Jonathan Reichhold for this!Linkerd 1.5.1 adds a new io.l5d.consul.interpreter that allows Linkerd to read dtabs directly from
a Consul KV store agent instead of using Namerd. In addition, this release fixes an issue in
the HTTP/2 router where Linkerd would get stuck handling connections in certain cases.
This release features contributions from OfferUp, Planet Labs and Buoyant with a special shoutout to Leo Liang and Chris Taylor for their work on fixing a bug in the DNS SRV namer.
Full release notes:
RST_STREAM frame to its remote peer. This was causing gRPC
clients to experience timeout errors intermittently because connections between Linkerd and its
remote peers weren't being closed properly.maxConcurrentStreamsPerConnection config value for the h2 router to 1000 by default
to prevent Linkerd from running out of memory when HTTP/2 clients leak connection streams.io.l5d.consul namer HTTP polling requests to prevent an issue where
the namer holds on to stale service discovery information.io.l5d.consul.interpreter that allows Linkerd to read dtabs directly from a Consul
KV store.io.l5d.dnssrv namer would get into a bad state and fail to resolve
service names.BalancerRegistry failing to properly remove
Balancer objects.Linkerd 1.5.0 adds the long awaited ability to make Linkerd config changes with
zero downtime! 🤯 This release adds the socketOptions.reusePort config property which allows
multiple processes to bind to the same port. In this way, you can start a new Linkerd process
and wait for it to start serving requests before gracefully shutting down the old Linkerd process.
Note that this feature is only available on Linux 3.9 distributions and newer.
This release features contributions from Applause, ThreeComma, GuteFrage GmbH, and Buoyant. An extra special thank you to Zack Angelo for laying the groundwork in Finagle for the reusePort feature!
Full release notes:
threshold and windowSize options have been removed from the failureThreshold config in the Namerd interpreter. These options were of limited value and are no longer supported by Finagle.socketOptions config in a server config.SO_REUSEPORT socket option. This allows multiple processes to bind to the same port and is a great way to do zero downtime Linkerd deploys.Linkerd 1.4.6 adds even more watch state endpoints to Linkerd's debugging arsenal, allowing you to inspect the state of Linkerd’s watches easily. This release adds watch state endpoints for the Kubernetes ConfigMap interpreter as well as the Marathon and filesystem namers.
Full release notes:
x-forwarded-client-cert header was not always cleared on incoming
requests.io.l5d.etcd namer client.io.l5d.marathon, io.l5d.fs, and io.l5d.k8s.configMap watch state endpoints to
allow diagnosis of Linkerd’s various watches.io.l5d.zipkin trace propagation plugin that writes Zipkin B3 trace headers to
outgoing requests. Previously, Zipkin trace headers were ignored by Linkerd in order for Linkerd
to not interfere with other tracing systems like Zipkin.io.l5d.destination interface which implements the Linkerd
destination API.Linkerd 1.4.5 contains some minor bugfixes and introduces two much-requested features. First, it is now possible to selectively disable Linkerd's admin endpoints, e.g., keep the UI functional but to disable the shutdown endpoint. A huge thanks to Robert Panzer for all his hard work on this.
Second, we've added experimental support for the OpenJ9 JVM.
Preliminary tests with OpenJ9 exhibit a 3x reduction in startup time, a 40% reduction in memory
footprint, and a 3x reduction in p99 latency. You can find a Linkerd+OpenJ9 Docker image at
buoyantio/linkerd:1.4.5-openj9-experimental on
Docker Hub.
Full release notes:
security section to the admin config that controls which admin endpoints are enabledLinkerd 1.4.4 continues our focus on diagnostics, performance, and stability. This release features several performance and diagnostics improvements, including better handling of HTTP/2 edge cases, new watch state introspection for the Consul namer, and better isolation of admin page serving from the primary data path. It also features a new, pluggable trace propagation module that allows for easier integration with tracing systems like OpenTracing.
This release features contributions from Salesforce, Walmart, WePay, Comcast, ScalaConsultants, OfferUp, Buoyant, and more. A big thank you to:
Full release notes:
trustCerts config field in the client TLS section in favor of
trustCertsBundle. This allows you to use multiple trust certs in one file and avoids the need
for Linkerd to create temporary files.ConnectionFailed
exception sent back to a client via Linkerd.l5d-err header in an HTTP/2 response.io.l5d.consul namer.io.l5d.consul namer sometimes does not retry ConnectionRefused
exception.io.l5d.consul namer returns a single IP for a service node instead of
multiple IP addresses for a service node.intepreter_state endpoint was not available for interpreters that
contained a transformer.namer_state endpoint to expose namers that use transformers.This is a follow up release that includes diagnostic tracing for H2 requests.
Full release notes:
Linkerd 1.4.2 continues its focus on diagnostics and stability. This release introduces Diagnostic Tracing, a feature that helps describe how Linkerd routes requests by displaying detailed routing information from each hop through your application. Stay tuned for a deep dive blog post about this feature coming soon.
We’re also excited to share improvements to Linkerd’s error handling. Previously, when Linkerd
failed to route a request, it could fail with a notoriously confusing No Hosts Available error.
Now, these errors include more useful, informative diagnostic information to help explain the cause
of the failure.
Full release notes:
No Hosts Available exception. Linkerd returns a less cryptic user-friendly message that includes information such as alternative service name resolutions and dtabs used for name resolution.TRACE request forwarded to a service.io.l5d.rewrite no longer work.Linkerd 1.4.1 is focused on adding diagnostics and improved behavior in production environments.
This release features contributions from Strava, Signal, OfferUp, Scalac, Salesforce, and Buoyant. A big thank you to:
Full release notes:
/namer_state/io.l5d.k8s.json/interpreter_state/io.l5d.namerd/<namespace>.json/interpreter_state/io.l5d.mesh/<root>.jsonintermediateCertsPath config setting to client and server TLS. This allows you to specify a file containing intermediate CA certificates supporting the main certificate.l5d-ctx-* headers on HTTP/2 requests../admin/shutdown endpoint.Linkerd 1.4.0 upgrades us to the latest versions of Finagle and Netty and features lower memory usage for large payloads. Two new configuration options have been introduced: client connection lifetimes and access log rotation policy. One breaking change has been introduced around the configuration file syntax for loggers. This release features contributions from ThreeComma, ScalaConsultants, Salesforce, and Buoyant.
Linkerd 1.3.7 includes memory leak fixes, tons of improvements for Consul, and more! This release features contributions from ThreeComma, NCBI, WePay, Salesforce, Homeaway, Prosoft, and Buoyant.
This release focuses on correctness and bug fixes. Much of the work was in service to Linkerd's Kubernetes and Consul support. This release features contributions from Salesforce, NCBI, Planet Labs, Buoyant, FOODit, and Variomedia.
io.l5d.fs by cleaning them up in case of errors (#1787).ignoreDefaultBackends config key under io.l5d.ingress. This adds a 'strict' Kubernetes ingress identifier that ignores default backends (#1794). Thanks to @negz!io.l5d.k8s namer (#1774).x-forwarded-client-cert header can't be spoofed (#1811). Thanks to @drichelson!h2AccessLog config key in h2 routers (#1786).This release focuses on quality, and on improving the debugging process. It includes improvements and fixes for Linkerd's Kubernetes support, administrative UI, and Namerd control plane. It officially graduates HTTP/2 support out of experimental, and also features a number of community contributions!
io.l5d.mesh Namerd interface are no longer experimental (#1782)! 🎓io.l5d.thriftNameInterpreter interface (#1762). Thanks to @jackkleeman!Linkerd 1.3.4 continues the focus on reliability and stability. It includes a bugfix for HTTP/2 and gRPC routers, several improvements to the Consul namer and dtab store, fixes for 4xx responses in the Kubernetes namer, and more.
io.l5d.path identifier would consume query parameters from the request URL, preventing them from reaching the downstream service (#1734).NoHostsAvailable exception thrown by io.l5d.mesh when Namerd has namers configured with transformers (#1729).:rotating_light: Bugfix extravanganza alert! :rotating_light:
This release is an exciting one! We received a lot of contributions from our awesome Linkerd community. Special thanks to @sgrankin and @carloszuluaga, just to name a few. Checkout our recent blog post for the full list of everyone that contributed to release 1.3.3.
io.l5d.etcd as a dtab store returns a 500 HTTP Response when listing DTabs. (#1702)AsyncStream memory leak in the Kubernetes watch API. Thanks @sgrankin for this PR! (#1714)io.l5d.dnssrv namer plugin does not always update DNS records. Awesome contribution from @carloszuluaga (#1719)io.l5d.thriftNameInterpreter interfaceforwardClientCert to HTTP and HTTP/2 client configurations which causes Linkerd to forward client TLS certificates in the x-forwarded-client-cert headertimestampHeader configuration to support New Relic request queue (#1672).engine: configuration key is no longer valid.io.l5d.k8s.configMap interpreter failing to update after receiving an invalid dtab (#1639).prefix: configuration key to add a prefix to all metrics reported by Linkerd (#1655).domain config key for relative DNS lookups (#1637).dnssrv metrics scope from SRV record namer metrics (#1637).ServiceInstance objects with custom payloads (#1272).Fix for an issue where Kubernetes namers would continue to route to old endpoints after a service was deleted and re-created, or scaled down to 0 and then scaled back up.
Also includes:
io.l5d.mesh, io.l5d.thriftNameInterpreter, Linkerd
admin, and Namerd admin now serve on 127.0.0.1 by default (instead of
0.0.0.0).io.l5d.dnssrv namer for DNS SRV records (#1611)io.l5d.k8s.configMap interpreter for reading dtabs from a Kubernetes ConfigMap (#1603). This interpreter will respond to changes in the ConfigMap, allowing for dynamic dtab updates without the need to run Namerd.io.l5d.k8s and io.l5d.k8s.ns namers (#1603).ReaderDiscarded exception logged on HTTP/1 retries (#1609)disableValidation: true and clientAuth settings in TLS client configurations (#1621)io.l5d.mesh, io.l5d.thriftNameInterpreter, Linkerd
admin, and Namerd admin to serve on 127.0.0.1 by default (instead of
0.0.0.0) (#1366)io.l5d.statsd telemeter.The 1.1.3 release of Linkerd is mostly focused on improving our HTTP/2 support, including better support for gRPC. Linkerd now supports automatic retries in HTTP/2 for retryable requests.
grpc-status code
to determine if the response was successful and if it should be retried.
See the docs for details.io.l5d.k8s.istio
identifier can now be used in H2 router configs.Content-Length.This is a big release with lots of fun stuff inside.
We've added some new features!
We’ve fixed some things!
targetPort value is returned as a name instead of a number.We’ve made some internal changes to keep up with the latest and greatest:
io.l5d.httpController and io.l5d.mesh Namerd
interfaces.thriftProtocol from a client/server param to a
router param.io.l5d.k8s.ns namer for routing within a fixed namespace.l5d-retryable header.io.l5d.nonRetryable5XX id has been renamed to io.l5d.http.nonRetryable5XX.io.l5d.retryableRead5XX id has been renamed to io.l5d.http.retryableRead5XX.io.l5d.retryableIdempotent5XX id has been renamed to io.l5d.http.retryableIdempotent5XX.io.l5d.headerToken id has been renamed to io.l5d.header.token.io.l5d.headerPath id has been renamed to io.l5d.header.path.io.l5d.h2.ingress id has been renamed to io.l5d.ingress.io.l5d.http.ingress id has been renamed to io.l5d.ingress.io.l5d.influxdb LINE telemeter.tree and q params to /admin/metrics.json.io.l5d.mesh Linkerd interpreter and Namerd iface. The mesh
iface exposes a gRPC API that can be used for multiplexed, streaming updates.
(Experimental)baseDtab router property to dtab.dstPrefix from the protocol name to /svc.io.l5d.header.token identifier.dest request header when using the
TTwitter Thrift protocol.io.l5d.commonMetrics telemeter.io.l5d.prometheus telemeter.tracers router config in favor of the io.l5d.zipkin telemeter.preferServiceAddress option to io.l5d.consul namerio.l5d.consul case-insensitiveroundRobin as a load balancer option.clearContext server configuration option.Forwarded headerio.buoyant.hostportPfx and io.buoyant.porthostPfx namers for
splitting port numbers out of hostnamesio.l5d.rewrite namer for arbitrary reordering of path segments-32b docker image is
also available but does not support the boringssl TLS extensions required for
ALPN, etc.failureAccrual parameterio.l5d.namerd.http interpreter which uses Namerd's streaming HTTP apil5d-ctx-dtab header instead of
dtab-localattemptTTwitterUpgrade to falseio.l5d.consul and io.l5d.k8s namers are no longer experimental 🎉h2 protocol to gracefully handle connection loss and
stream interruption.io.l5d.static identifieruseHealthCheck option to marathon namerlabelSelector option to k8s and k8s.external namershostNetwork option to k8s transformers to support CNI environments.local to reference local agent's datacenter.ip option to admin configuration so that access to the
admin server may be constrained.io.buoyant.rinet namer which is like inet but with the order
of host and port reversednetty4 HTTP engine now works with TLS, supporting configurable
ciphers, backed by BoringSSL!h2 protocol, supporting gRPC! :balloon:RequestIdentification object.consistencyMode option to io.l5d.consul namerreadConsistencyMode and writeConsistencyMode options to
io.l5d.consul dtab storagefailFast and failureAccrual is now
disabled by default but can be enabled with the failFast optiondebugTrace tracer configuration flag has been
removed in favor of the io.l5d.tracelog telemeter.io.l5d.header identifier for naming requests based on an HTTP headerHost header value in io.l5d.methodAndHost identifieruseHealthCheck parameter to Consul Namer #589enableProbation is now disabled by default on clients. It leads to
unexpected behavior in environments that reuse IP:PORT pairs across
services in a close time proximity.resolve endpointauthority metadata field to re-write HTTP host/:authority on demandsetHost parameter for Consul CatalogNamer to set authority metadatatoken parameter to Consul Namer & Dtab Storedatacenter parameter to Consul Dtab Storetracers subsystem./delegate http endpoint to return bound names #569.io.l5d.consul namer.io.l5d.consul storage backend for Namerd.consume option to the io.l5d.path identifier to strip off the path
segments that it reads from the URI.JVM_HEAP is now deprecated, you can now separately set JVM_HEAP_MIN and
JVM_HEAP_MAX but you shouldn't need to adjust them thanks to the new defaults.l5d-ctx renamed to l5d-ctx-tracel5d-ctx-deadline now propagates deadlinesl5d-ctx-dtab is now read, to replace dtab-local later.l5d-dtab now honored as a replacement for dtab-local as
specified by users.l5d-dst-* no longer set on responsestimeoutMs configuration now applies on the
server-side, so that the timeout acts as a global timeout rather
than an individual request timeout./# now indicates that the path should
be processed by a namer. A namer matches a path starting with /#/<prefix>.experimental: true
property to be set.debugTrace parameter to the tracers config section, which enables
printing all traces to the console.retries client config section supporting configurable retry
budgets and backoffs.kubectl proxy for
securely communicating with the k8s cluster API./admin/metrics/prometheus stats endpoint.bindingTimeoutMs router parameter to configure the maximum amount of
time to spend binding a path./api/1/bind, /api/1/addr, and /api/1/delegate HTTP APIs to Namerd
?watch=true for returning updates via a
streaming response./dashboard on the Linkerd admin site. :chart_with_upwards_trend:httpUriInDst is now specified under the
identifier header (see linkerd/docs/config.md for add'l info)ttlMs marathon namer config option to configure the polling
timeout against the marathon API.enableProbation config option for configuring a client's load balancer
probation settingtracers section with pluggable tracers (although
we don't provide any out of the box just yet)namers configurations may now configure Namers or NameInterpreters
to support richer namer behavior.maxConcurrentRequests config option to limit number of concurrent
requests accepted by a server.hostConnectionPool client config section to control the number of
connections maintained to destination hosts.attemptTTwitterUpgrade thrift client config option to control whether
thrift protocol upgrade should be attempted.servers section; previously, a default
server port would be used if none was provided.thriftProtocol config option allows the thrift protocol to be
specified. We currently support binary (default) and compact.thriftMethodInDst config option to allow for routing based on thrift
method names.admin/port config parameters, for those
of you who have Opinions About Ports./routers.json endpoint with runtime router state.This is a big release! Get ready.
First release of the Buoyant Application Router.
router script to start/stop/restart the router!